Created using Mozilla's ssl config generator:
https://mozilla.github.io/server-side-tls/ssl-config-generator/
Intermediate setting was used, with apache version 2.2.22 and openssl 1.0.1e
Oldest compatible clients:
Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1, Windows XP IE8, Android 2.3, Java 7
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
On default iptables rules are updated to add ACCEPT egress traffic.
If the network egress default policy is false, CS remove ACCEPT and adds the DROP rule which
is egress default rule when there are no other egress rules.
If the CS network egress default policy is true, CS won't configure any default rule for egress because
router already came up to accept egress traffic. If there are already egress rules for network then the
egress rules get applied on VR.
For isolated network with out firewall service, VR default allows egress traffic (guestnetwork --> public network)
The booting sequence result in change of IPv6 related sysctl options was
overrided by sysctl.conf which is loaded later.
So this patch would patch sysctl.conf in VR as well, ensure IPv6 would be
enabled during booting period otherwise the network setup may not work, result
in IPv6 VM deployment failure.
Just prefer TLS over SSL in apache configuration in systemvm
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
(cherry picked from commit 88acc9bd53cbf6f8896d32576f916c20704a3403)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
In some network environment, 1*3 seconds by default make RvR setup too
sensitive. A configurable parameter would be better for fitting different
network environments.
The orignal "dhcp-range=xxx,static" would only prohibit DHCPREQUEST from unknown
hosts, but not DHCPINFORM which can request routing information. This caused
trouble for some bridged networks outside CloudStack.
This patch would fix the issue, prevent dnsmasq from acking any unknown request.
Signed-off-by: Sheng Yang <sheng.yang@citrix.com>
The original issue has been exposed due to CloudStack VR would modify the
dnsmasq.leases, thus make it unsync with dnsmasq's memory lease.
Make the modification to let dnsmasq handle the lease file if dhcp_release is
available.
Implemented commands that are required for VR to bootup and Vm deployment to work
Modified hyperv agent code, to deploy VR with Boot Args, boot args passed to VR using KVP Exchange Component.
Fix for VR to boot up and get configured with boot args, Fixed issue in VolumeOrchestrator
Implemented SetFirewallRulesCommand in HyperV Resource
Implemented VR network commands to provide the necessary services from VR
Fixed hyperv localstorage path encode url issue. encode is converting space to '+'
This patch would reset the priority in such condition:
1. All redundant routers are stopped, e.g. due to network GC
2. User start one VM in the network
3. The routers would be brought up with reseted priority(100 & 99).
This would resolve the issue of network GC result in lower limit of redundant router priority reached.
All (almost) files belonging to the systemvm aer now centralize in the systemvm directory. The code for the separate functions is still in the services directory. This will make the code easier to understand and makes it clear that the systemvm is a separate item. It alos means that it can be excluded from the build entirely by not adding the systemvm profile, this will speed up the compiles somewhat.
